1. Field of the Invention
The present invention relates to the field of virtual metropolitan area network (VMAN) topologies and internetwork communications technologies. In particular, the present invention relates to a protocol for use in a VMAN network architecture to route and forward data packets according to the VMAN configuration.
2. Background Information and Description of Related Art
A metropolitan area network (MAN) is a network that interconnects users with computer resources in a geographic area or region larger than that covered by a local area network but smaller than the area covered by a wide area network. The term is typically applied to the interconnection of networks in a city into a single larger network (which may then also offer efficient connection to a wide area network). The amount of data traffic being sent over MANs is increasing at an exponential rate. This is due in part to the increasingly ubiquitous use of the Internet by consumers and businesses, as well as the increasingly bandwidth-intensive nature of the Internet applications that are being deployed.
An important aspect of MANs is the ability of MAN service providers to create virtual private network network connections (VPNs) across a single MAN infrastructure, referred to as a virtual metropolitan area network (VMAN). VMANs allow customers having multiple locations within a metropolitan area to transport private traffic, including virtual local area network (VLAN) traffic, over the shared single MAN.
However, the use of vMANs to handle traffic from multiple customers over a single MAN creates access and security issues. Therefore, it is important to segregate one customer from another so that there is no co-mingling of traffic.
In addition, customer traffic must be transported over the MAN without interfering with the customers' own higher-layer protocols such as DECnet, or private IP subnets. For example, the DECnet Phase IV protocol can cause problems when routed to a Layer 2 MAN because the DECnet protocol changes the media access control (MAC) address in the packet's datalink header. Since duplicate MAC addresses are typically not allowed, MAN service providers end up managing DECnet streams by hand—something which neither the provider nor the customer wants.
Accordingly, a new approach is needed to securely manage traffic in a VMAN network architecture while not interfering with higher level protocols.